install simplerisk on ubuntu 14.04 (apache:mysql:php) · install simplerisk on ubuntu 14.04...
TRANSCRIPT
InstallSimpleRiskonUbuntu14.04
IntroductionSimpleRiskisasimpleandfreetooltoperformriskmanagementactivities.BasedentirelyonopensourcetechnologiesandsportingaMozillaPublicLicense2.0,aSimpleRiskinstancecanbestoodupinminutesandinstantlyprovidesthesecurityprofessionalwiththeabilitytosubmitrisks,planmitigations,facilitatemanagementreviews,prioritizeforprojectplanning,andtrackregularreviews.Itishighlyconfigurableandincludesdynamicreportingandtheabilitytotweakriskformulasonthefly.Itisunderactivedevelopmentwithnewfeaturesbeingaddedallthetimeandcanbedownloadedforfreeordemoedathttps://www.simplerisk.it/.
DisclaimerTheluckysecurityprofessionalsworkforcompanieswhocanaffordexpensiveGRCtoolstoaideinmanagingrisk.Theunluckymajorityoutthereusuallyendupspendingcountlesshoursmanagingriskviaspreadsheets.It’scumbersome,timeconsuming,andjustplainsucks.WhenJoshSokolstartedwritingSimpleRisk,itwasoutofpurefrustrationwiththeotheroptionsoutthere.Whathe’sputtogetherisundoubtedlybetterthanspreadsheetsandgetsyoumostofthewaytowardsthe“R”inGRCwithoutbreakingthebank.Thatsaid,humanscanmakemistakes,andthereforetheSimpleRisksoftwareisprovidedtoyouwithnowarrantiesexpressedorimplied.Ifyougetstuck,[email protected]’lldoourbesttohelpyouout.Also,whileSimpleRiskwaswrittenbyasecuritypractitionerwithsecurityinmind,thereisnowaytopromisethatitis100%secure.Youacceptthatasariskwhenusingthesoftware,butifyoudofindanyissues,pleasereportthemtoussothatwecanfixthemASAP.
InstallUbuntuSimpleRiskshouldbeabletoworkonjustaboutanyoperatingsystemthatiscapableofrunningPHPandMySQL.SincethepurposeofthisguideistogetyouupandrunningwithSimpleRiskasquicklyaspossible,weassumethatyouareusingUbuntu,aFREEandeasytouseLinux-basedoperatingsystem.DownloadthelatestversionofUbuntu(atthetimeofthiswritingit’s14.04)andinstallit.SeetheUbuntudocumentationifyouarehavinganyissuesthere.Onceyouhaveaworkinginstallation,youcanmoveontothenextinstallationsteps.
GettheLatestUbuntuUpdatesLogintoyourUbuntuinstallationusingtheusernameandpasswordyoudefinedatsetup.SelecttheUnitymenu(theoneattheverytopofthebarontheleft)andtype“terminal”inthefieldthatpopsup.Thisshouldshowyouashortcuttotheterminalapplication.Youcanclickittolaunchtheterminal,but
itmaybeagoodideatodragittotheUnitybarontheleftfirstsothatyoucaneasilystartitinthefuture.
Oncetheterminalislaunched,youwillwanttoupdatetheOStothelatestsoftwareversionsavailable.Todothisrun“sudoapt-getupdate”andenteryourpasswordwhenprompted.
Thiswillpulldownthelatestversioninformationforalloftheinstalledoperatingsystemfiles.Nowrun“sudoapt-getdist-upgrade”andanswer“y”whenitasksifyouwouldliketocontinue.
InstallingApache,PHP,andMySQLThenextstepistoinstallthenecessaryfilesinordertorunApachewithPHPandMySQLonthissystem.Todo,thisfirstrunthecommand“sudoapt-getinstalltasksel”.
Next,telltheservertoinstallaLAMPstackbyrunningthecommand“sudotaskselinstalllamp-server”.
YoushouldnowseetheterminalchangeintoapackageconfigurationapplicationthatdownloadsandinstallstheapplicationsnecessaryinordertorunaLAMPstackontheserver.EventuallyitwillpausetheinstallinordertoaskyoutospecifyaMySQL“root”password.Generatealongandrandompasswordandsaveitoffinasecurelocationsothatyoucanaccessitlater.Youwillknowthatthisinstallationprocessiscompletewhenthepackageconfigurationscreengoesawayandyouarebackattheterminalshell.
ConfiguringApachefortheSimpleRiskAPI1) Runthecommand“a2enmodrewrite”toenablemod_rewriteforApache.2) OpenthefilecontainingtheApachesiteconfiguration.Thisislikelyfoundunder
/etc/apache2/sites-enabled.3) Findthe“Directory”sectionforyoursimplerisksiteandaddalineatthetopfor“AllowOverride
all”.Itshouldlooksomethinglikethis:
4) RestartApachebyrunningthecommand“serviceapache2restart”.
ObtainingtheSimpleRiskFilesClickontheFireFoxlogointheUnitybarontheleft.OnceFireFoxloads,enterhttps://www.simplerisk.it/intotheURLbartogototheSimpleRisksite.Clickonthe“Download”linkatthetop.
ClicktodownloadandsaveboththeWebBundleandtheInstallerScript.Onceyouhavethefilesdownloaded,youcanclosethebrowser.
InstallingtheWebFilesChangetothenewApachewebrootbyrunningthecommand“cd/var/www/html”.
Removethedefaultindexpageusingthecommand“sudormindex.html”.Extractthewebbundleintothewebdirectoryusingthecommand“sudotarxvzf~/Downloads/simplerisk-20160612-001.tgz”(orwhateverthemostcurrentversionavailableis).
Thiswillextractthefilesintoadirectoryunderthewebrootnamed“simplerisk”.Youwillneedtoaccessthefileswitha“/simplerisk”appendedtotheURL.Optionally,youcanrunthefollowingcommandstomoveittothewebroot:
• sudomvsimplerisk/*.• sudormdirsimplerisk
Changetheownershippermissionsofthe“simplerisk”directoryandallitssub-directoriestobeownedbythewww-datauser(orwhateveruserApacheisrunningas)usingthecommand“sudochown–Rwww-data:/var/www/html”.
InstallingtheDatabaseExtractthecurrentSimpleRiskinstallertothe“simplerisk”directoryusingthecommand“sudotarxvzf~/Downloads/simplerisk-installer-20160612-001.tgz”(orwhateverthemostcurrentversionavailableis).Thiswillcreateanew“install”directory.Next,inyourwebbrowser,navigatetohttp://localhost/install
onyourSimpleRiskinstance.Ifeverythingworksasexpected,youwillseeaninstallerpagedesignedtoconfigurethedatabaseforyou.
UndertheDatabaseConnectionInformation,provideitwithyourdatabasehostname,port,username,andpassword.UndertheSimpleRiskInstallationInformation,provideitwiththeSimpleRiskdatabasehostname,databasename,andusernamethatyouwouldlikeSimpleRisktouse.ArandompasswordwillbegeneratedfortheBydefault,itwillgenerateastrong,randomlygenerateddatabasepasswordandwerecommendthatyoukeepthatvalue.UndertheSimpleRiskConfigurationInformation,youhavetheabilitytochoosethedefaultlanguage,sessiontimeouts,defaulttimezone,andotheroptions.Withtheexceptionofthedatabaseschemalanguageandtimezone,werecommendthatyoukeepthedefaultvalues.Whenthescriptcompletes,itwillaskifyouwouldliketoinstallanew/includes/config.phppage.Select“Update”tohaveitautomaticallyupdatedwiththeinstallerinformation.Ifitdoesnothavepermissiontowritetothefile,orcannotfindtheexistingconfig.phpfile,thenitwillprovideyouwiththecontentstoplaceinitinstead.Itisalwaysagoodideatodeletethe“install”directoryonceitisnolongerneededusingthecommand“sudorm–rinstall”.
LoggingintoSimpleRiskYoushouldnowhaveperformedallofthestepsyouneedtoforSimpleRisktobeupandrunning.Nowisthemomentoftruthwherewehopefullygettoseeifallofyourhardworkpaidoff.YounowneedtopointyourwebbrowsertotheURLwhereSimpleRiskwouldbeinstalled.Ifyoufollowedtheoptionalinstructions,thenitshouldbelocatedathttp://localhost/.Ifyoudidnot,thenitisprobablylocatedathttp://localhost/simplerisk.Youwillknowthatyou’vegottherightpagewhenyouseesomethinglikethis:
Enterusername“admin”andpassword“admin”togetstarted.Then,selectthe“Admin”dropdownatthetoprightandclickon“MyProfile”.
Enteryourcurrentpasswordas“admin”andplaceanewlongandrandomlygeneratedpasswordintothe“NewPassword”and“ConfirmPassword”fields.Thenclick“Submit”.
Youshouldreceiveamessagesayingthatyourpasswordwasupdatedsuccessfully.Ifso,thenthisisyournew“admin”passwordforSimpleRisk.Ifyoureceivedamessagesayingthat“Thepasswordentereddoesnotadheretothepasswordpolicy”,youcanchangethepolicybyselecting“Configure”fromthemenuatthetopfollowedby“UserManagement”ontheleftside.Youwillseea“PasswordPolicy”sectionatthebottomofthepagewhereyoucanchangethepolicyandtrychangingyourpasswordagain.
RegisteringSimpleRiskThisstepiscompletelyoptional,butwithoutitupgradesofSimpleRiskwillrequiremanualdownloadsofthenewversion,backingupyourconfigurationfile,extractingthenewfiles,restoringtheconfigurationfile,andadatabaseupgrade.Itsoundslikemoreeffortthanitreallyis,butwe’vemadetheprocessfarsimplerifyou’rewillingtotelluswhoyouare.ToregisteryourSimpleRiskinstance,select“Configure”fromthemenuatthetopfollowedby“Register&Upgrade”fromthemenuattheleft.
Enteryourinformationandselectthe“Register”button.ThiswillcreateauniqueInstanceIDforyourSimpleRiskinstanceanddownloadtheUpgradeExtrawhichenablesfunctionalityforone-clickbackupsandupgrades.Ifyourunintoissueswiththeregistrationprocess,werecommendthatyouchecktoensurethatthe“simplerisk”directoryanditssub-directoriesarewriteablebythewww-datauser(orwhateveruserApacheisrunningas).
**ThiscompletesyourinstallationofSimpleRisk**
SimpleRiskPaidSupportandExtrasEverythingthatyou’veseenuptothispointiscompletelyfreeforyoutoinstallanduse,forever.Thatsaid,weofferanumberofwaysforyoutoenhanceyourSimpleRiskinstancewithevenmorefunctionality.Ifyoulikewhatyousee,andfindituseful,pleaseconsiderpurchasingoneofourinexpensivePaidSupportplansorExtrafunctionalitysothatwecancontinuetoofferyouthebestopensourceriskmanagementtoolavailable.Thankyou!